Security

So what is security? 

Security is protecting against attackers who illegally exploit vulnerabilities in your system for their own purposes. Attackers might want to steal data for financial gain, stop customers being able to buy from you or cause damage to your reputation. They could be internal or external to your company. There are different types of security, for example, application security, network security, or security of the physical environment, like your office building or work area.

Have you got any examples?

An example of application security is input sanitization, which can help protect against cross-site scripting and SQL injection attacks. A secure system should also not allow users to access features that they aren't meant to see, or unauthorized users to log on at all. An example of network security might be a firewall controlling traffic to and from the internet.

What's the value of good security? 

Ensuring we build secure systems means our data and our customers' data are protected and cannot be misused by attackers. Cyber attacks which exploit insecure systems can cost businesses a lot of money and reputational damage.

And what are the pitfalls?

Security often gets forgotten or left until the end when it's too late to fix. In the same way that no non-trivial application is bug free, no application can be a hundred percent secure. If you want to practice security testing techniques, you must be careful to only do so on sites or applications where you have permission.
Physical security in the real world could be represented by locks on our doors to protect our cars or home, asking for ID from individuals who want to enter our home (to read the electricity or gas meter) or planning how to get home safely at night.

Security is there to protect what matters to us.

Cyber security is there to protect what matters to the software we develop, our businesses and our customers. This could include:
  • Personally identifiable information
  • Passwords
  • Financial information such as credit card numbers
  • Intellectual property and trade secrets.

A popular model used in cyber security is the CIA triad: confidentiality, integrity and availability.
Cyber security is a balancing act of the CIA triad.